Tech Ethics

This year, the Vermont Judiciary will start the rollout of its Odyssey Case Management System (“CMS”).

In January, Judge Kate Hayes, Andy Stone (the Judiciary’s CMS Project Director) and me presented a CLE on the new system. Our CLE opened the Vermont Bar Association’s YLD Thaw. The VBA has graciously made the material available here. Judge Hayes & Andy addressed practical issues, while I touched on ethics issues associated with e-filing.

This will sound odd coming from a blogger who built this blog on the mantra “competence includes tech competence.” But, with respect to the ethics issues associated with the new CMS, my message is this:

Don’t get too caught up in the tech aspect of it. The fact is, your duties will be no different than in a paper-based system. That is, the duty to provide clients with competent representation will include understanding what the rules of electronic filing require.

On that note, I have good news.

E-filing isn’t new. It was introduced in the state courts in 2010. In addition, many of you practice in the federal District Court and Bankruptcy Court. E-filing is a thing in each. In all my time here, I’ve received fewer than 3 complaints alleging that a lawyer’s lack of tech proficiency negatively impacted a client’s matter.

The Vermont Judiciary has adopted rules for electronic filing. As I understand it, a committee is looking at prposed changes to the rules. If and when those changes are made, they will be available on the Judiciary’s website.

The CMS rollout will progress in stages. That is, the Judicial Bureau, the Environmental Unit, the Supreme Court, and the various units (counties) will come online over time. As courts in which you appear transitionto CMS, you should familiarize yourself with the rules for electronic filing.

Fear not. Remember: fewer than 3 complaints.

Also, when it comes to technology, it’s usually not “tech” that gets a lawyer in trouble. It’s using tech to do something that would’ve been unethical if done without tech.

(The same post includes a digest of cases & opinions in which lawyers were sanctioned for disclosing client confidences in response to negative online reviews. Remember, it’s not the fact that the confidences were disclosed online that’s the problem: it’s that they were disclosed!)

Similarly, as I blogged here, comments that would’ve been inappropriate in a telegram to a client are no less inappropriate because they were made via Messenger.

Which gets me to final point: whether by smoke signal, spoken word, typed document, or electronic submission, dishonesty is unethical.

Preparing for the Montreal seminar, I asked attorney regulators in states that have moved exclusively to e-filing to share with me any cases in which lawyers were disciplined for conduct involving “e-filing.” Here are some of the responses:

“The worst ethical dilemma/violation I have experienced with e-filing involved a recently terminated associate from a Regional Workers Comp Firm. He called me to tell me that once his firm terminated him a managing partner ordered a surviving associate to ‘pull all his files and draft and e-file Motions to Withdraw stating [the terminated lawyer] is no longer with the Firm…’ The Partner then directed the associate/assistant to e-file the Motions under terminated attorney’s name and file with [the terminated lawyer’s] e-file credentials!!!! Terminated attorney received email notifications on several Motions and Orders granting the Motions before he was able to call the Clerk’s office and state that someone was filing under his name without his permission.”

Yes, believe it or not, impermissibly using another lawyer’s e-filing credentials, and forging that lawyer’s e-signature, is a problem. And it’s a problem that has little to do with “tech.”

2. “We have had a couple of instances of one lawyer allegedly e-signing opponents counsel to an unagreed to stipulation.”

Yes, believe it or not, fraudulently “signing” opposing counsel’s name is a problem. And it’s a problem that has nothing to do with “tech.”

3. “Mike, here’s one for you … a lawyer ‘e-filed’ a declaration with the expert signing electronically (“/s/”) … but the lawyer knew the expert refused to sign … our court suspended the lawyer for 90 days.”

Yes, believe it or not, fraudulently “signing” an expert’s name to a declaration that you know the expert had refused to sign herself is a problem. And it’s a problem that has nothing to do with “tech.”

Finally, I became aware of a case in which a United States Bankruptcy Court (not Vermont’s) raised concerns over a lawyer’s lack of proficiency at filing electronically. So, the court assigned the lawyer “homework.” The “homework” was to re-file 9 documents, without any mistakes, and without assistance from another lawyer.

The lawyer paid another attorney to file the documents.

As a result, the bankruptcy court suspended the lawyer from practicing before it. Again, intentionally disobeying a court order has little to do with “tech” or “e-filing.”

Will e-filing be new to some of you? Yes.

Will you have to learn things along the way? Yes.

Will some of you need help figuring out how to e-file? Yes.

Is mandatory e-filing likely to put your license at risk? No.

As I’ve indicated, it’s not e-filing itself that trips up attorneys. Rather, it’s engaging in conduct that would’ve been unethical at every moment in the entire history of a regulated practice of law.

To borrow a phrase from Larry David and Teri Hatcher, my blog posts are real and they’re spectacular! Apparently not all law blogs can truthfully say the former.

Last month, the ABA Journal posted Ghostwriting for law blogs? Ethics are murky. It’s a topic that’s new to me, one not raised in any of the ethics inquiries or formal disciplinary complaints that I’ve responded to and reviewed over the years. The ABA Journal post includes insight from some of the more well-known voices on both professional responsibility and tech ethics.

But let’s back up for a moment. You might be asking your self: “self, what is Mike even talking about?” Good question.

“What are We Talking About?

The ghost-blogging I’m talking about is when an attorney pays someone else (a non-attorney) to write articles published under the attorney’s name on the attorney or law firm’s website. As a result, the world thinks the attorney wrote it when the attorney had little to no part in its creation.”

Again, not an issue I’ve encountered. But, an issue that raises ethics concerns.

Many law blogs are part of a lawyer’s website. Websites communicate information about the services that the lawyer provides. Per V.R.Pr.C. 7.1,

“A lawyer shall not make a false or misleading communication about the lawyer or the lawyer’s services. A communication is false or misleading if it contains a material misrepresentation of fact or law, or omits a fact necessary to make the statement as a whole not materially misleading.”

The final sentence of Comment [1] is “whatever means are used to make known a lawyer’s services, statements about them must be truthful.”

So, let’s say that a firm focuses on Practice Area. And let’s say that the firm’s website includes a blog dedicated to Practice Area. Does the firm violate the rules by paying a content developer to ghostwrite the posts and then posting them under the “byline” of one of the firm’s lawyers?

My gut reaction was “is it really THAT misleading?” But then I paused. Because whenever we start asking whether something “is really THAT misleading,” we’ve established that it is, in fact, misleading.

In that it never arises, I don’t want to belabor the issue. Suffice to say, if your website or blog includes posts that you paid someone else to ghostwrite, check out the articles referenced above.

Finally, I proof read by reading aloud. Reading this blog about law blogs aloud reminded me of two things.

Last year, I blogged on the Florida case in which a lower level court held that, standing alone, a judge’s Facebook friendship with a lawyer is not sufficient to disqualify the judge from a matter in which the lawyer appears.

I wrote:

This makes sense to me. As with almost everything tech-related, I try to use analogies to non-tech stuff. For example, if you learned that a lawyer who regularly appeared before a judge belonged to the same health club, or went to the same church, or was in the same law school class as the judge my guess is that you wouldn’t reflexively yell “conflict! disqualify the judge!”

No, you might ask something as simple as, “do they actually know each other? If so, how well? Do they do stuff together?”

In my view, Facebook is no different. Florida’s Third District Court of Appeal agrees. The opinion presents a fantastic analysis of what it means, if anything, to be Facebook friends with someone.

The decision directly conflicted with another from a different Florida district. So, the Florida Supreme Court agreed to resolve the issue.

Today, the Court issued its opinion. For those of you who like to cut to the case, here you go:

“We hold that an allegation that a trial judge is a Facebook ‘friend’ with an
attorney appearing before the judge, standing alone, does not constitute a legally
sufficient basis for disqualification.”

I like the opinion. I like it because it resolves a “tech” issue by analogizing to how we did things pre-tech. To summarize:

Since well before Facebook and social media, Florida law has recognized “that an allegation of mere friendship between a judge and a litigant or attorney appearing before the judge, standing alone, does not constitute a legally sufficient basis for disqualification.”

There’s no reason to treat a Facebook friendship any differently than a “traditional” friendships. In fact, it’s likely that Facebook friends are less friendly than traditional friends.

“In short, the mere fact that a Facebook friendship’ exists provides no
significant information about the nature of any relationship between the Facebook
‘friends.’ Therefore, the mere existence of a Facebook ‘friendship’ between a
judge and an attorney appearing before the judge, without more, does not
reasonably convey to others the impression of an inherently close or intimate
relationship. No reasonably prudent person would fear that she could not receive a
fair and impartial trial based solely on the fact that a judge and an attorney
appearing before the judge are Facebook ‘friends’ with a relationship of an
indeterminate nature.”

From there, the Florida Supreme Court observed that its decision is consistent with the majority of states that have addressed the issue.

Finally, remember: just like real-life relationships, a Facebook friendship or other social media connection might create an appearance that provides a basis to inquire further. So maybe it’s best to avoid such connections.

For now, here’s the final paragraph from the Florida opinion:

“In some circumstances, the relationship between a judge and a litigant,
lawyer, or other person involved in a case will be a basis for disqualification of the
judge. Particular friendship relationships may present such circumstances
requiring disqualification. But our case law clearly establishes that not every
relationship characterized as a friendship provides a basis for disqualification. And
there is no reason that Facebook ‘friendships’—which regularly involve
strangers—should be singled out and subjected to a per se rule of disqualification.”

The first rule in the Vermont Rules of Professional Conduct requires lawyers to provide clients with competent representation. I’ve long argued that Rule 1.1’s duty of competence includes tech competence.

Last week, the Vermont supreme Court promulgated amendments to Rule 1.1. The amendments add three new comments, including one that makes it clear that, in fact, the duty of competence includes tech competence. As amended, Comment [8] now reads:

Maintaining Competence

[8] To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technologygy, engage in continuing study and education and comply with all continuing legal education requirements to which a lawyer is subject.

Don’t confuse the meaning of the new comment. It does not require lawyers to know how to use every new gizmo, gadget, or app. It’s far more practical than that.

For instance, do you understand the risks and benefits of using certain technologies to transmit confidential communications? Or the risks and benefits of mobile payment services? Have you thought about disabling autocomplete? Do you advise clients against being too social?

Also, don’t sleep on the other new comments. As legal outsourcing becomes more prevalent, the new comments provide helpful guidance.

At seminars, including this morning’s for the VBA’s Basic Skills Program, I’ve stated my opinion that lawyers should at least consider client portals. Thus, it was with great joy that I stumbled upon this post in the ABA Journal:

Give it a read. It’s a good intro to portals and other alternatives to e-mail.

Finally, don’t forget that it’s often the simple things that result in the accidental or inadvertent disclosure of client confidences. For instance, not disabling auto-complete, or, exposing a client to the perils of an unintentional “reply-all.”

“You will have many opportunitiesto keep your mouth shut.You should take advantageof everyone of them.”

(aside: choosing not to blog is probably one of the opportunities of which I should take advantage.)

Second, despite my big belief that silence is a virtue, I was intrigued by two arguments in the ABA Journal’s post. Specifically, the arguments that (1) at times, the duties of competence & diligence require a lawyer to speak out in a client’s defense; and (2) the rules prohibiting such conduct run afoul of the First Amendment. Alas, I can count on 2 fingers the number of Rule 3.6 complaints we’ve received in the past 15 years. So, I am not so intrigued to do more than mention my intrigue.

Finally, there’s a little nugget in the article that, in my view, is great advice not just for lawyers who represent celebrities, but for lawyers who represent, well, clients.

Referring to lawyers who represent famous people, the article says:

“Client and entourage use of social media can compromise a defense. Ethically, attorneys have to make sure their clients and their team understand ground rules and place limitations on social media use related to the case.”

Trust me, I understand that very few of my readers represent the Vinny Chases of the world. Nonetheless, I think the second sentence is critically important even for lawyers whose clients don’t have their own versions of E, Turtle, and Johnny Drama.

Why?

Because these days, entourage or not, what client isn’t on social media??? And that’s where the very next paragraph in the ABA Journal post comes in. Quoting Ann Murphy, a professor at Gonzaga University School of Law, the post notes:

” ‘Attorneys, as part of their ethical duties, must now counsel their clients on the use of social media,’ Murphy says. ‘Once it is out there, it is out there. Even if someone deletes a Facebook post—it likely has been saved as a screenshot and is of course subject to discovery,’ she adds. ‘Personally, I think the best advice is tell the client that any posts about his or her case must be viewed in advance by the attorney.’ “

That’s a fantastic tip. Professor Murphy – if perchance you find this blog, In Few I Trust. Go Zags! 2019 national champs!

Now, I can hear some of you now – “mike, am I supposed to know what my client puts on social media?”

Well, opposing counsel will. So unless you’re comfortable finding out about that damning tweet or post at deposition or in mediation, then my response is:

At the very least – and by “very least” I mean “barest of bare minimums” – I think lawyers have a duty to communicate to their clients the risks associated with posting info to a public forum.

Hmm…I guess this is where I can finally reference Hall & Oates. When it comes to advising clients on the risks of posting too much to social media, it might be this:

Private eyes, they’re watching you. They see your every move. And they definitely see what you put out there to be seen.

Anyhow, while the ABA Journal article focuses on the risks associated with representing famous clients, it includes a tidbit that applies to any lawyer who has a client on social media: what happens on social media rarely stays on social media.

Tech competence. It’s a thing.

By the way, among my friends, I’m definitely E. My brother is almost definitely Drama. Alas, while we have several candidates for Turtle, not many for Vinny. And at risk of offending my friends, the “many” in that previous sentence? It’s pronounced with a silent “m.”

Hint: this post doesn’t mention Ari Gold. Which means his name might be of utmost importance later in the week.

I’ve blogged often on tech competence and the duty to safeguard client data. In short, lawyers have a duty to take reasonable precautions against the inadvertent disclosure of or unauthorized access to confidential client information.

No matter the mode of communication, no matter the place that information is stored, a lawyer must safeguard client information. And, as I explained here, it makes perfect sense not to get into the habit of re-evaulating a lawyer’s duty with every new technology. Whatever the next new thing is, a lawyer’s duty will remain the same: to take reasonable precautions against the inadvertent disclosure of or unauthorized access to client information.

But, as this post in the ABA Journal points out, lawyers and law firms aren’t sailing into uncharted waters. There are lessons to be drawn from other professions. Per the post, those lessons include:

Encryption is important. I’d even venture to opine that if it isn’t already, we aren’t long for the day when the failure to encrypt is tantamount to a failure to take reasonable precautions.

Partners and more senior lawyers have to follow the same rules as everyone else. “I don’t do tech” isn’t reasonable. It’s no different from saying “I don’t do ‘protecting client information.’ “

Employees and 3rd party vendors need to be trained on the importance of data security.

There’s a great quote in the article. It’s from Michael Mason, chief of security for Verizon Communications: law firms should foster, grow, and ” ‘develop a culture of security.’ ”

A culture premised on “we hope it doesn’t happen to us” is not a culture of security.

With “it” being a breach, the dreaded “it” has happened not just to lawyers and law firms, but to many other professions. As the ABA Journal suggests, lawyers would be wise to take heed of the lessons learned by those other professions.

So, later today, I’m presenting a CLE to the Washington County Bar Association. The august group’s leaders asked that I talk about some of the ethical issues that arise from lawyers’ failure to understanduse of social media.

Prepping for the seminar, I was struck by two things.

Some of you are quietly hoping they were both lightning bolts. Nope.

Rather, I realized that for all I write about tech competence, (1) in college, I bought a Betamax, siding with Sony in the Format War against VHS; and (2) more recently, I thought Blockbuster would squash that little upstart called Netflix.

Anyhow, for those of you interested in the topic, the folks over at Internet for Lawyer maintain this great list of the various advisory ethics opinions on social media. As for me, I’ve blogged often on the subject This post – Friends, Followers, and Legal Ethics – sums up my thoughts.

Finally, at the CLE, I’m going to mention this opinion from the titanic clash of Oracle v. Google. As I reviewed it yesterday afternoon, I wondered whether the judge considered ending the opening sentence after the words “trial lawyers.”

“Trial judges have such respect for juries — reverential respect would not be too strongto say — that it must pain them to contemplate that, in addition to the sacrifice jurors make for our country, they must suffer trial lawyers and jury consultants scouring over their Facebook and other profiles to dissect their politics, religion, relationships, preferences, friends, photographs, and other personal information.”

Yesterday, I met with lawyers from the Lamoille County Bar Association. Leslie Black, president-emeritus (by my proclamation) of the LCBA, had me up to talk legal ethics.

As an aside, Leslie stole the show by showing up with a fresh batch of bouchons. You might have heard of Thomas Keller and the Bouchon Bakery. Fine stuff, I’m sure.

Well, Leslie’s lemon bouchons, with a hint of cinnamon, are better. And that, my friends, is not mere puffery. The trick, je pense, is her brown butter recipe.

Leslie – les bouchons etait magnifique!

Now, back to business.

First off, I hope I’ve dispelled those who are less tech competent than others of the notion that “bouchon” has something to do with cybersecurity & ransomware.

Next, yesterday, we had an interesting discussion on cybersecurity & ransomware. I’ve blogged previously on the issue here. I’m blogging again for a few reasons. Mainly, to stress a key point that David Polow made at the CLE: back-up. Storing info only in the cloud isn’t enough.

” The panelists say that the core of ransomware protection is a robust backup system. However, Simek said that backups need to be tested on a periodic basis.If a firm’s backup is in the cloud, then redundancies of that backup system should be made as well—in other words, one backup is insufficient. For the truly business-critical data, McNew said a backup should be stored offsite and ‘air gapped,’ meaning it is not able to connect to the internet.”

Or, as Jim Knapp says, when it comes to backup “onsite, online, air-gap.”

Are you likely to be targeted? I don’t know. It happened to one of the nation’s largest firms. And, a Vermont firm was targeted in April. The firm did not have sufficient back-up and data was at risk.

If it’s an issue that concerns you, talk to someone with a tech background. Here are a few links from my original post that might be helpful:

Last month, I became aware of a law firm that was the subject of a ransomware attack. The cyber attacker blocked the firm’s access to client files and demanded a ransom.

Reminder: if a lawyer’s electronic files are compromised in a cyber attack, the question of whether the lawyer violated the Rules of Professional Conduct will likely turn on whether the lawyer took reasonable precautions to safeguard against the unauthorized access of client data. In other words, being the victim of an attack is not, in & of itself, an ethics violation.

For example, consider two scenarios.

Scenario 1: Lawyer operates a solo practice. Lawyer employs a state-of-the art security system. Nevertheless, a determined criminal uses C-4 to detonate into the office, into the safe, and then steals Lawyer’s files.

Scenario 2: Attorney operates a solo practice. Attorney keeps client files in an unlocked cabinet that’s on the front porch. A lazy criminal walks up the steps, opens a drawer, and takes some of Attorney’s files.

Between the two, my guess is that a hearing panel is more likely to conclude that Lawyer is the one who took reasonable precautions against the inadvertent or unauthorized disclosure of confidential information.

In any event, on the subject of ransomware, here are few thoughts:

a lawyer who I know suggests 3 distinct back-ups: onsite, online, and air-gap;